Insights from industry experts

Do Chinese Cloud, Mobile Providers Pose a Threat?

The volume of classified and proprietary information stolen from the U.S. government and corporations by sources based in China could fill the world's largest library, the Library of Congress, more than 50 times over, according to U.S. defense officials. It is no wonder that cybertheft has emerged as the single greatest threat to American technological competitiveness on the world stage.

Now, imagine what would happen if our smartphones and tablets became targets in this contest, breached by hackers and spies looking to access our information. With the Chinese cloud and mobile industries taking off on a global scale, the potential for proprietary or personal data falling into the wrong hands is of growing concern. Along with broader security unknowns in a cloud environment, this realization should drive business, government, and consumers to put a greater premium on provider transparency and data security practices.

In spite of Chinese cloud firms' efforts to provide greater transparency, the threat to the integrity of U.S. corporations' intellectual property remains.

Last year, Chinese companies accounted for roughly 10 percent of the global investment in cloud computing. Companies such as Huawei, the Alibaba Group and ZTE are emerging as viable competitors to IBM, Amazon, and HP in the Chinese domestic market.

Their growth, however, has not been confined to Asia. Huawei's investments in end-to-end cloud computing infrastructure solutions for telecommunications providers and consumer-oriented tablets and smartphones are already paying off across the globe. In particular, the company has been hugely successful selling its smartphones and tablets in Africa. Meanwhile, the Alibaba Group's successful cloud-based operating system for smartphones could soon make it a worldwide competitor.

Eying the U.S. Marketplace

Already tremendously successful in China, Huawei has set its eyes on the U.S. market. Foremost among its likely targets are second-tier telecommunication companies. Huawei's executives advocate a global strategy that enables "greener, more efficient and innovative implementation" of cloud solutions, a model widely embraced in Africa that has begun to make inroads in Europe.

Closely correlated to the meteoric rise of these telecommunications and IT providers, however, is a rising tide of speculation and mistrust. Simply put, there is a pervasive fear expressed by government officials and the media that telecommunications infrastructure equipment or consumer devices such as tablets and smartphones could serve as a back-door channel for espionage and cybertheft.

Historical issues with corporate transparency and past accusations of misdeeds are the root of many of these concerns. Just this year, the FBI launched an investigation into ZTE regarding allegations that the firm sold banned U.S. technology products to Iran. For its part, Huawei has made a significant push to counteract past allegations of security risks through extensive marketing efforts and greater transparency into the makeup of its corporate leadership and overseas sales. But lingering speculation of both firms' possible ties to the Chinese government, founded or not, has done little to quell fears.

Even more disconcerting are questions of the degree to which the Chinese government influences private corporations. To date, there is no evidence of government involvement in any of these aforementioned firms, however, and security vulnerabilities in Huawei's equipment have similarly been observed in its American counterparts.

Acknowledging Risk

In spite of Chinese cloud computing firms' efforts to provide greater transparency and openness, the threat to the integrity of U.S. corporations' intellectual property remains. The continuing loss of data to China suggests that the U.S. government should carefully assess the cybersecurity implications associated with the expansion of Chinese cloud and mobile providers in the U.S. market.

Government officials should remain equivocal while acknowledging risk, since foreign private corporations by nature are not synonymous with foreign governments. Still, caution is necessary to mitigate the potential cybersecurity threat to U.S. businesses and consumers.

Regardless of whether a vendor is based domestically or abroad, cyberespionage and data theft is a pervasive problem. Indeed, large U.S. companies have experienced significant data losses to hackers and other actors. In response, some providers have implemented more robust security policies to mitigate this persistent threat; others, however, lag behind.

Government, businesses and consumers must prioritize the issue of data security and carefully assess providers' security protections. The risk to the success of American innovation is too great to ignore.

Gavin Long is a contributing expert at SafeGov.org, an industry forum that promotes trusted and responsible public-sector cloud computing, and managing director at Civitas Group, an investment advisory services firm focused on the security and capital markets.

About the Author

Gavin Long is a contributor to SafeGov.org, an industry forum that promotes
trusted and responsible public-sector cloud computing, and managing director
at Civitas Group, an investment advisory services firm focused on the
security and capital markets.